[packages/apache] - up to 2.4.25; fixes CVE-2016-8743, CVE-2016-0736, CVE-2016-2161, CVE-2016-5387, CVE-2016-8740

Wed, 28 Dec 2016 23:48:03 -0800 

commit c7e4d1c1c1cc38a8893dc833dca7dafc983dcecc
Author: Arkadiusz Miśkiewicz <[email protected]>
Date:   Thu Dec 29 08:35:55 2016 +0100

    - up to 2.4.25; fixes CVE-2016-8743, CVE-2016-0736, CVE-2016-2161, 
CVE-2016-5387, CVE-2016-8740

 apache-CVE-2016-5387.patch | 19 -------------------
 apache.spec                |  8 +++-----
 2 files changed, 3 insertions(+), 24 deletions(-)
---
diff --git a/apache.spec b/apache.spec
index 9092209..94b9acd 100644
--- a/apache.spec
+++ b/apache.spec
@@ -34,12 +34,12 @@ Summary(pt_BR.UTF-8):       Servidor HTTPD para prover 
serviços WWW
 Summary(ru.UTF-8):     Самый популярный веб-сервер
 Summary(tr.UTF-8):     Lider WWW tarayıcı
 Name:          apache
-Version:       2.4.23
-Release:       2
+Version:       2.4.25
+Release:       1
 License:       Apache v2.0
 Group:         Networking/Daemons/HTTP
 Source0:       http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-# Source0-md5: 04f19c60e810c028f5240a062668a688
+# Source0-md5: 2826f49619112ad5813c0be5afcc7ddb
 Source1:       %{name}.init
 Source2:       %{name}.logrotate
 Source3:       %{name}.sysconfig
@@ -77,7 +77,6 @@ Patch1:               %{name}-layout.patch
 Patch2:                %{name}-suexec.patch
 Patch3:                %{name}-branding.patch
 Patch4:                %{name}-apr.patch
-Patch5:                %{name}-CVE-2016-5387.patch
 
 Patch7:                %{name}-syslibs.patch
 
@@ -2645,7 +2644,6 @@ Dwa programy testowe/przykładowe cgi: test-cgi and 
print-env.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
-%patch5 -p1
 
 %patch7 -p1
 
diff --git a/apache-CVE-2016-5387.patch b/apache-CVE-2016-5387.patch
deleted file mode 100644
index b8e9c14..0000000
--- a/apache-CVE-2016-5387.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-diff --git a/server/util_script.c b/server/util_script.c
-index 5e071a2..443dfb6 100644
---- a/server/util_script.c
-+++ b/server/util_script.c
-@@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r)
-         else if (!ap_cstr_casecmp(hdrs[i].key, "Content-length")) {
-             apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
-         }
-+        /* HTTP_PROXY collides with a popular envvar used to configure
-+         * proxies, don't let clients set/override it.  But, if you must...
-+         */
-+#ifndef SECURITY_HOLE_PASS_PROXY
-+        else if (!ap_cstr_casecmp(hdrs[i].key, "Proxy")) {
-+            ;
-+        }
-+#endif
-         /*
-          * You really don't want to disable this check, since it leaves you
-          * wide open to CGIs stealing passwords and people viewing them
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/c7e4d1c1c1cc38a8893dc833dca7dafc983dcecc

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to